Commit Graph

888890 Commits

Author SHA1 Message Date
Gilles Buloz
7713e62c86 hwmon: (nct7802) Fix voltage limits to wrong registers
in0 thresholds are written to the in2 thresholds registers
in2 thresholds to in3 thresholds
in3 thresholds to in4 thresholds
in4 thresholds to in0 thresholds

Signed-off-by: Gilles Buloz <gilles.buloz@kontron.com>
Link: https://lore.kernel.org/r/5de0f509.rc0oEvPOMjbfPW1w%gilles.buloz@kontron.com
Fixes: 3434f37835 ("hwmon: Driver for Nuvoton NCT7802Y")
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
2020-01-17 07:56:48 -08:00
Johan Hovold
9715a43eea USB: serial: quatech2: handle unbound ports
Check for NULL port data in the modem- and line-status handlers to avoid
dereferencing a NULL pointer in the unlikely case where a port device
isn't bound to a driver (e.g. after an allocation failure on port
probe).

Note that the other (stubbed) event handlers qt2_process_xmit_empty()
and qt2_process_flush() would need similar sanity checks in case they
are ever implemented.

Fixes: f7a33e608d ("USB: serial: add quatech2 usb to serial driver")
Cc: stable <stable@vger.kernel.org>     # 3.5
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
2020-01-17 16:22:59 +01:00
Johan Hovold
3018dd3fa1 USB: serial: keyspan: handle unbound ports
Check for NULL port data in the control URB completion handlers to avoid
dereferencing a NULL pointer in the unlikely case where a port device
isn't bound to a driver (e.g. after an allocation failure on port
probe()).

Fixes: 0ca1268e10 ("USB Serial Keyspan: add support for USA-49WG & USA-28XG")
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Cc: stable <stable@vger.kernel.org>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
2020-01-17 16:22:58 +01:00
Johan Hovold
1568c58d11 USB: serial: io_edgeport: add missing active-port sanity check
The driver receives the active port number from the device, but never
made sure that the port number was valid. This could lead to a
NULL-pointer dereference or memory corruption in case a device sends
data for an invalid port.

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Cc: stable <stable@vger.kernel.org>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
2020-01-17 16:22:57 +01:00
Johan Hovold
e37d1aeda7 USB: serial: io_edgeport: handle unbound ports on URB completion
Check for NULL port data in the shared interrupt and bulk completion
callbacks to avoid dereferencing a NULL pointer in case a device sends
data for a port device which isn't bound to a driver (e.g. due to a
malicious device having unexpected endpoints or after an allocation
failure on port probe).

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Cc: stable <stable@vger.kernel.org>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
2020-01-17 16:22:57 +01:00
Johan Hovold
4d5ef53f75 USB: serial: ch341: handle unbound port at reset_resume
Check for NULL port data in reset_resume() to avoid dereferencing a NULL
pointer in case the port device isn't bound to a driver (e.g. after a
failed control request at port probe).

Fixes: 1ded7ea47b ("USB: ch341 serial: fix port number changed after resume")
Cc: stable <stable@vger.kernel.org>     # 2.6.30
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
2020-01-17 16:22:45 +01:00
Josef Bacik
b35cf1f0bf btrfs: check rw_devices, not num_devices for balance
The fstest btrfs/154 reports

  [ 8675.381709] BTRFS: Transaction aborted (error -28)
  [ 8675.383302] WARNING: CPU: 1 PID: 31900 at fs/btrfs/block-group.c:2038 btrfs_create_pending_block_groups+0x1e0/0x1f0 [btrfs]
  [ 8675.390925] CPU: 1 PID: 31900 Comm: btrfs Not tainted 5.5.0-rc6-default+ #935
  [ 8675.392780] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba527-rebuilt.opensuse.org 04/01/2014
  [ 8675.395452] RIP: 0010:btrfs_create_pending_block_groups+0x1e0/0x1f0 [btrfs]
  [ 8675.402672] RSP: 0018:ffffb2090888fb00 EFLAGS: 00010286
  [ 8675.404413] RAX: 0000000000000000 RBX: ffff92026dfa91c8 RCX: 0000000000000001
  [ 8675.406609] RDX: 0000000000000000 RSI: ffffffff8e100899 RDI: ffffffff8e100971
  [ 8675.408775] RBP: ffff920247c61660 R08: 0000000000000000 R09: 0000000000000000
  [ 8675.410978] R10: 0000000000000000 R11: 0000000000000000 R12: 00000000ffffffe4
  [ 8675.412647] R13: ffff92026db74000 R14: ffff920247c616b8 R15: ffff92026dfbc000
  [ 8675.413994] FS:  00007fd5e57248c0(0000) GS:ffff92027d800000(0000) knlGS:0000000000000000
  [ 8675.416146] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  [ 8675.417833] CR2: 0000564aa51682d8 CR3: 000000006dcbc004 CR4: 0000000000160ee0
  [ 8675.419801] Call Trace:
  [ 8675.420742]  btrfs_start_dirty_block_groups+0x355/0x480 [btrfs]
  [ 8675.422600]  btrfs_commit_transaction+0xc8/0xaf0 [btrfs]
  [ 8675.424335]  reset_balance_state+0x14a/0x190 [btrfs]
  [ 8675.425824]  btrfs_balance.cold+0xe7/0x154 [btrfs]
  [ 8675.427313]  ? kmem_cache_alloc_trace+0x235/0x2c0
  [ 8675.428663]  btrfs_ioctl_balance+0x298/0x350 [btrfs]
  [ 8675.430285]  btrfs_ioctl+0x466/0x2550 [btrfs]
  [ 8675.431788]  ? mem_cgroup_charge_statistics+0x51/0xf0
  [ 8675.433487]  ? mem_cgroup_commit_charge+0x56/0x400
  [ 8675.435122]  ? do_raw_spin_unlock+0x4b/0xc0
  [ 8675.436618]  ? _raw_spin_unlock+0x1f/0x30
  [ 8675.438093]  ? __handle_mm_fault+0x499/0x740
  [ 8675.439619]  ? do_vfs_ioctl+0x56e/0x770
  [ 8675.441034]  do_vfs_ioctl+0x56e/0x770
  [ 8675.442411]  ksys_ioctl+0x3a/0x70
  [ 8675.443718]  ? trace_hardirqs_off_thunk+0x1a/0x1c
  [ 8675.445333]  __x64_sys_ioctl+0x16/0x20
  [ 8675.446705]  do_syscall_64+0x50/0x210
  [ 8675.448059]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
  [ 8675.479187] BTRFS: error (device vdb) in btrfs_create_pending_block_groups:2038: errno=-28 No space left

We now use btrfs_can_overcommit() to see if we can flip a block group
read only.  Before this would fail because we weren't taking into
account the usable un-allocated space for allocating chunks.  With my
patches we were allowed to do the balance, which is technically correct.

The test is trying to start balance on degraded mount.  So now we're
trying to allocate a chunk and cannot because we want to allocate a
RAID1 chunk, but there's only 1 device that's available for usage.  This
results in an ENOSPC.

But we shouldn't even be making it this far, we don't have enough
devices to restripe.  The problem is we're using btrfs_num_devices(),
that also includes missing devices. That's not actually what we want, we
need to use rw_devices.

The chunk_mutex is not needed here, rw_devices changes only in device
add, remove or replace, all are excluded by EXCL_OP mechanism.

Fixes: e4d8ec0f65 ("Btrfs: implement online profile changing")
CC: stable@vger.kernel.org # 4.4+
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
[ add stacktrace, update changelog, drop chunk_mutex ]
Signed-off-by: David Sterba <dsterba@suse.com>
2020-01-17 15:40:54 +01:00
Filipe Manana
5afe6ce748 Btrfs: always copy scrub arguments back to user space
If scrub returns an error we are not copying back the scrub arguments
structure to user space. This prevents user space to know how much
progress scrub has done if an error happened - this includes -ECANCELED
which is returned when users ask for scrub to stop. A particular use
case, which is used in btrfs-progs, is to resume scrub after it is
canceled, in that case it relies on checking the progress from the scrub
arguments structure and then use that progress in a call to resume
scrub.

So fix this by always copying the scrub arguments structure to user
space, overwriting the value returned to user space with -EFAULT only if
copying the structure failed to let user space know that either that
copying did not happen, and therefore the structure is stale, or it
happened partially and the structure is probably not valid and corrupt
due to the partial copy.

Reported-by: Graham Cobb <g.btrfs@cobb.uk.net>
Link: https://lore.kernel.org/linux-btrfs/d0a97688-78be-08de-ca7d-bcb4c7fb397e@cobb.uk.net/
Fixes: 06fe39ab15 ("Btrfs: do not overwrite scrub error with fault error in scrub ioctl")
CC: stable@vger.kernel.org # 5.1+
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Reviewed-by: Qu Wenruo <wqu@suse.com>
Tested-by: Graham Cobb <g.btrfs@cobb.uk.net>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2020-01-17 15:28:52 +01:00
Kalle Valo
21bdee92c6 First batch of fixes intended for v5.5
* Don't send the PPAG command when PPAG is disabled, since it can
   cause problems;
 * A few fixes for a HW bug;
 * A fix for RS offload;
 * A fix for 3168 devices where the NVM tables where the wrong tables
   were being read.
 * Fix a couple of potential memory leaks in TXQ code;
 * Disable L0S states in all hardware since our hardware doesn't
   officially support them anymore (and older versions of the hardware
   had instability in these states);
 * Remove lar_disable parameter since it has been causing issues for
   some people who erroneously disable it;
 * Force the debug monitor HW to stop also when debug is disabled,
   since it sometimes stays on and prevents low system power states;
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEF3LNfgb2BPWm68smoUecoho8xfoFAl4ZluIACgkQoUecoho8
 xfpwyRAAgbbh+groXBzC9t/GJ8XUFlEK3LbE++guDMJYBFLCQk9FF9ALyapmPRtI
 Z4G86Ec7fUNAXPNPJK3dZBu+YQ8KTxjM0TqcoB0Jt29a4DHaOo6o9ruqN3fdNuUY
 DmAtuKaNJDeECIi5CQIpO7ZLOnG68URnt55XDV7UidKZSsogeLrKMZbJKmtCmujH
 6IsP3Bo5CDU9GnSl9hzGjGdy0HAwDmtu4DM2Y1LKlRUyOVF492ZauhbekNJKL8Lo
 XkxZ/OOkVROSAbepViUks848cs8oSdmmZdraAZczZQUH2xM0+qcYDWY8oRjEFs3X
 wNJk6+eOB4KnEmptS1zDVQtIMbDh7kCuKFTKO3eAEcSJjfN+WDHoskAIujnRgM/e
 zFnMRtcWeiSSVbETUTp4ErCsoN4vmdbdgFuRMtrD3UKS+hVPxcbNyr4tGDjoSclH
 NsFK00wjdAOKpbpVBZ2/6VHMgiKxjeJ0U+qQQso+AgUCg+RLCR5cTCMiWK5biecu
 FQ8EQT7NXnYtG3hJyPGDzMEoMdqODoQl3C7f8rvnMkbevd+Nurw2Uu7mLaP/RWHC
 E5Nf3QMFwMVQCwXu0FjDAFdOIrROBwT6g5q9cLvzq9x5wyUkGYTEAjOScH6cmnhJ
 jm3X4IQZFi6A0ebWCxRaYjQN3i6U8rNEDFtYrJzpx3zq0dr3vFI=
 =8Wqs
 -----END PGP SIGNATURE-----

Merge tag 'iwlwifi-for-kalle-2020-01-11' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-fixes

First batch of fixes intended for v5.5

* Don't send the PPAG command when PPAG is disabled, since it can
  cause problems;
* A few fixes for a HW bug;
* A fix for RS offload;
* A fix for 3168 devices where the NVM tables where the wrong tables
  were being read.
* Fix a couple of potential memory leaks in TXQ code;
* Disable L0S states in all hardware since our hardware doesn't
  officially support them anymore (and older versions of the hardware
  had instability in these states);
* Remove lar_disable parameter since it has been causing issues for
  some people who erroneously disable it;
* Force the debug monitor HW to stop also when debug is disabled,
  since it sometimes stays on and prevents low system power states;
2020-01-17 16:13:47 +02:00
Linus Torvalds
13b2668d6f GPIO fixes for the v5.5 series:
This reverts the GPIOLIB_IRQCHIP in the ThunderX driver.
 ThunderX is a piece of Arm-based server chip. I converted the driver to
 hierarchical gpiochip without access to real silicon and failed miserably
 since I didn't take MSI's into account.
 
 Kevin Hao helpfully stepped in and fixed it properly, let's revert it for
 v5.5 and put the proper conversion into v5.6.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEElDRnuGcz/wPCXQWMQRCzN7AZXXMFAl4haFsACgkQQRCzN7AZ
 XXMPNA//Q3oCIDZWS6Y3vI07Hsk6Ef5PA5DV/P+EVmAHjYyaHypoivQPvK6I1fWo
 orMcfE9lAucbQN3PACfut0q1RHRgUk9YSIpktntT7DLJKrlnOUELs6aGrh2wUMwq
 c8D5i5PNSu11+dpCyghI7EWiKLcNlXFRQQ8PF9j3NBHarXw1NKmM3P3RTmJpyQxe
 EiPMFo2i2fbW7V219eZZsWpjwSFTzWYm5oYYjwgobIEYht4s/p9IuQO/FgMPx7hh
 m++QM63mdQWXBLucxtX8LHF4LAXdyVFX6lwOB3X63UDb50ANtRgVdY+5teZcDDlT
 kok7RjLVYiYu9YUg9rCaQYRX3snao0InKemdGk9dlYNvb/uXj9OFeHWrumeAgyhi
 /n/qDPkbtACrdhNtQfJZymBFUlRDsGMJfyLt5QYSOp6ebrgwdv9MYJ8+F2O/rZJS
 foYkWw0hJjFFIXqLxttFWBL2EQXxn7hXhgmOormb3I0N4eir7uxmwU80We0KkXr+
 WdS6WKk4J0VK42+lUtVvgaYjEelLapr2IxcB69r67w16YO+JafVjZi9Tca6eL9WW
 4+1ZtX0AeIb0+A0k8PJ+ANJtERc5CQqJf+jl9MjJOdD+539aQziouFXnjh59WYZd
 C6iKR0jjCWW3Bd23sk9emcQ8g8paj3jFh4lEfTTPmJ5BE/Lsuc8=
 =nDpR
 -----END PGP SIGNATURE-----

Merge tag 'gpio-v5.5-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio

Pull GPIO fixes from Linus Walleij:
 "This reverts the GPIOLIB_IRQCHIP in the ThunderX driver.

  ThunderX is a piece of Arm-based server chip. I converted the driver
  to hierarchical gpiochip without access to real silicon and failed
  miserably since I didn't take MSI's into account.

  Kevin Hao helpfully stepped in and fixed it properly, let's revert it
  for v5.5 and put the proper conversion into v5.6"

* tag 'gpio-v5.5-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
  Revert "gpio: thunderx: Switch to GPIOLIB_IRQCHIP"
2020-01-17 06:03:11 -08:00
Linus Torvalds
5ffdff81cf block-5.5-2020-01-16
-----BEGIN PGP SIGNATURE-----
 
 iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAl4hOL0QHGF4Ym9lQGtl
 cm5lbC5kawAKCRD301j7KXHgpsJ9D/9hGO5/8LqHYipVQtBeVwaf33l3tF9eYgJ7
 1Jdh7rQuopCiiLAO4DCboiMz4f9vSvLGgPcNNfPMbD6Bx7C0axXEaO6gzy19U7vk
 ZTPPwBBzrCgiProE6Gb1QS/iNXLldJswoS1AlKCqwNQOkqzQ5BZ4QDiMpPmJ/MKj
 ea8aK1UrHRz7eXuf1xSVOMkc9krGEWz581jvAZgoc8+Q64nGvWLIF4s+GK+kpY+C
 Tsmda/pxCuyhG/RossCfX06j6UsiYbyGiXgrXszjt5QuvzGxtmPf9jZKVsed4K0m
 9SOENctY5fjEVViwYfSKxikB5bQ98OalGo/Ad+FdetKeIEIg0uWXboOOYBgSgUMF
 AYuxE91NjrvIbL2+Jt9NNFuIGUgXdTM/JXN5D8u5mb64psX/3QdZsBwEbivvmpGA
 6nkdgX/x8Y9t95BDs4PQ/CgWneTxQXTnDUTdlbo6Av8WQXroEeXWHzrjUE/O0Po1
 dm4n493Arlsn2+LRgG3hgiPbifQvJcYxBJwOe7uXMUuaWO2iOaFEsFOP5Dneit8R
 vDL7cwkv0/xzzrUPF61RZjfQDBrQG8nr5PTuHYupkloVA2eP2hRNnOuQIgWcX6vB
 9+db9VN/Wdf6MV0fqKjCZf9CVYUkC5SzF3YKQaEy8SA/1xKzrLdBEtQjIOu4Vh9Q
 NiZBp47Xgw==
 =f1JW
 -----END PGP SIGNATURE-----

Merge tag 'block-5.5-2020-01-16' of git://git.kernel.dk/linux-block

Pull block fixes from Jens Axboe:
 "Three fixes that should go into this release:

   - The 32-bit segment size fix that I mentioned last week (Ming)

   - Use uint for the block size (Mikulas)

   - A null_blk zone write handling fix (Damien)"

* tag 'block-5.5-2020-01-16' of git://git.kernel.dk/linux-block:
  block: fix an integer overflow in logical block size
  null_blk: Fix zone write handling
  block: fix get_max_segment_size() overflow on 32bit arch
2020-01-17 05:54:18 -08:00
Florian Fainelli
5a9ef19454 net: systemport: Fixed queue mapping in internal ring map
We would not be transmitting using the correct SYSTEMPORT transmit queue
during ndo_select_queue() which looks up the internal TX ring map
because while establishing the mapping we would be off by 4, so for
instance, when we populate switch port mappings we would be doing:

switch port 0, queue 0 -> ring index #0
switch port 0, queue 1 -> ring index #1
...
switch port 0, queue 3 -> ring index #3
switch port 1, queue 0 -> ring index #8 (4 + 4 * 1)
...

instead of using ring index #4. This would cause our ndo_select_queue()
to use the fallback queue mechanism which would pick up an incorrect
ring for that switch port. Fix this by using the correct switch queue
number instead of SYSTEMPORT queue number.

Fixes: 25c4407046 ("net: systemport: Simplify queue mapping logic")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-17 13:31:14 +01:00
Florian Fainelli
8f1880cbe8 net: dsa: bcm_sf2: Configure IMP port for 2Gb/sec
With the implementation of the system reset controller we lost a setting
that is currently applied by the bootloader and which configures the IMP
port for 2Gb/sec, the default is 1Gb/sec. This is needed given the
number of ports and applications we expect to run so bring back that
setting.

Fixes: 01b0ac07589e ("net: dsa: bcm_sf2: Add support for optional reset controller line")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-17 13:26:27 +01:00
Vladimir Oltean
27afe0d34e net: dsa: sja1105: Don't error out on disabled ports with no phy-mode
The sja1105_parse_ports_node function was tested only on device trees
where all ports were enabled. Fix this check so that the driver
continues to probe only with the ports where status is not "disabled",
as expected.

Fixes: 8aa9ebccae ("net: dsa: Introduce driver for NXP SJA1105 5-port L2 switch")
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-17 13:22:12 +01:00
Michael Grzeschik
86ffe920e6 net: phy: dp83867: Set FORCE_LINK_GOOD to default after reset
According to the Datasheet this bit should be 0 (Normal operation) in
default. With the FORCE_LINK_GOOD bit set, it is not possible to get a
link. This patch sets FORCE_LINK_GOOD to the default value after
resetting the phy.

Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-17 11:36:18 +01:00
Kan Liang
2167f1625c perf/x86/intel/uncore: Remove PCIe3 unit for SNR
The PCIe Root Port driver for CPU Complex PCIe Root Ports are not
loaded on SNR.

The device ID for SNR PCIe3 unit is used by both uncore driver and the
PCIe Root Port driver. If uncore driver is loaded, the PCIe Root Port
driver never be probed.

Remove the PCIe3 unit for SNR for now. The support for PCIe3 unit will
be added later separately.

Signed-off-by: Kan Liang <kan.liang@linux.intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Link: https://lkml.kernel.org/r/20200116200210.18937-2-kan.liang@linux.intel.com
2020-01-17 11:33:38 +01:00
Kan Liang
fa694ae532 perf/x86/intel/uncore: Fix missing marker for snr_uncore_imc_freerunning_events
An Oops during the boot is found on some SNR machines.  It turns out
this is because the snr_uncore_imc_freerunning_events[] array was
missing an end-marker.

Fixes: ee49532b38 ("perf/x86/intel/uncore: Add IMC uncore support for Snow Ridge")
Reported-by: Like Xu <like.xu@linux.intel.com>
Signed-off-by: Kan Liang <kan.liang@linux.intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Tested-by: Like Xu <like.xu@linux.intel.com>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20200116200210.18937-1-kan.liang@linux.intel.com
2020-01-17 11:33:28 +01:00
Kan Liang
e743830451 perf/x86/intel/uncore: Add PCI ID of IMC for Xeon E3 V5 Family
The IMC uncore support is missed for E3-1585 v5 CPU.

Intel Xeon E3 V5 Family has Sky Lake CPU.
Add the PCI ID of IMC for Intel Xeon E3 V5 Family.

Reported-by: Rosales-fernandez, Carlos <carlos.rosales-fernandez@intel.com>
Signed-off-by: Kan Liang <kan.liang@linux.intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Tested-by: Rosales-fernandez, Carlos <carlos.rosales-fernandez@intel.com>
Link: https://lkml.kernel.org/r/1578687311-158748-1-git-send-email-kan.liang@linux.intel.com
2020-01-17 11:33:18 +01:00
Mark Rutland
da9ec3d3dd perf: Correctly handle failed perf_get_aux_event()
Vince reports a worrying issue:

| so I was tracking down some odd behavior in the perf_fuzzer which turns
| out to be because perf_even_open() sometimes returns 0 (indicating a file
| descriptor of 0) even though as far as I can tell stdin is still open.

... and further the cause:

| error is triggered if aux_sample_size has non-zero value.
|
| seems to be this line in kernel/events/core.c:
|
| if (perf_need_aux_event(event) && !perf_get_aux_event(event, group_leader))
|                goto err_locked;
|
| (note, err is never set)

This seems to be a thinko in commit:

  ab43762ef0 ("perf: Allow normal events to output AUX data")

... and we should probably return -EINVAL here, as this should only
happen when the new event is mis-configured or does not have a
compatible aux_event group leader.

Fixes: ab43762ef0 ("perf: Allow normal events to output AUX data")
Reported-by: Vince Weaver <vincent.weaver@maine.edu>
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Tested-by: Vince Weaver <vincent.weaver@maine.edu>
2020-01-17 11:32:44 +01:00
Yonglong Liu
49edd6a2c4 net: hns: fix soft lockup when there is not enough memory
When there is not enough memory and napi_alloc_skb() return NULL,
the HNS driver will print error message, and than try again, if
the memory is not enough for a while, huge error message and the
retry operation will cause soft lockup.

When napi_alloc_skb() return NULL because of no memory, we can
get a warn_alloc() call trace, so this patch deletes the error
message. We already use polling mode to handle irq, but the
retry operation will render the polling weight inactive, this
patch just return budget when the rx is not completed to avoid
dead loop.

Fixes: 36eedfde1a ("net: hns: Optimize hns_nic_common_poll for better performance")
Fixes: b5996f11ea ("net: add Hisilicon Network Subsystem basic ethernet support")
Signed-off-by: Yonglong Liu <liuyonglong@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-17 11:19:12 +01:00
Johan Hovold
fdb838efa3 USB: serial: suppress driver bind attributes
USB-serial drivers must not be unbound from their ports before the
corresponding USB driver is unbound from the parent interface so
suppress the bind and unbind attributes.

Unbinding a serial driver while it's port is open is a sure way to
trigger a crash as any driver state is released on unbind while port
hangup is handled on the parent USB interface level. Drivers for
multiport devices where ports share a resource such as an interrupt
endpoint also generally cannot handle individual ports going away.

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Cc: stable <stable@vger.kernel.org>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
2020-01-17 11:11:26 +01:00
Cong Wang
53d374979e net: avoid updating qdisc_xmit_lock_key in netdev_update_lockdep_key()
syzbot reported some bogus lockdep warnings, for example bad unlock
balance in sch_direct_xmit(). They are due to a race condition between
slow path and fast path, that is qdisc_xmit_lock_key gets re-registered
in netdev_update_lockdep_key() on slow path, while we could still
acquire the queue->_xmit_lock on fast path in this small window:

CPU A						CPU B
						__netif_tx_lock();
lockdep_unregister_key(qdisc_xmit_lock_key);
						__netif_tx_unlock();
lockdep_register_key(qdisc_xmit_lock_key);

In fact, unlike the addr_list_lock which has to be reordered when
the master/slave device relationship changes, queue->_xmit_lock is
only acquired on fast path and only when NETIF_F_LLTX is not set,
so there is likely no nested locking for it.

Therefore, we can just get rid of re-registration of
qdisc_xmit_lock_key.

Reported-by: syzbot+4ec99438ed7450da6272@syzkaller.appspotmail.com
Fixes: ab92d68fc2 ("net: core: add generic lockdep keys")
Cc: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Acked-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-17 11:02:44 +01:00
Eric Dumazet
44c23d7159 net/sched: act_ife: initalize ife->metalist earlier
It seems better to init ife->metalist earlier in tcf_ife_init()
to avoid the following crash :

kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 10483 Comm: syz-executor216 Not tainted 5.5.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:_tcf_ife_cleanup net/sched/act_ife.c:412 [inline]
RIP: 0010:tcf_ife_cleanup+0x6e/0x400 net/sched/act_ife.c:431
Code: 48 c1 ea 03 80 3c 02 00 0f 85 94 03 00 00 49 8b bd f8 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8d 67 e8 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 5c 03 00 00 48 bb 00 00 00 00 00 fc ff df 48 8b
RSP: 0018:ffffc90001dc6d00 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: ffffffff864619c0 RCX: ffffffff815bfa09
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000000
RBP: ffffc90001dc6d50 R08: 0000000000000004 R09: fffff520003b8d8e
R10: fffff520003b8d8d R11: 0000000000000003 R12: ffffffffffffffe8
R13: ffff8880a79fc000 R14: ffff88809aba0e00 R15: 0000000000000000
FS:  0000000001b51880(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000563f52cce140 CR3: 0000000093541000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 tcf_action_cleanup+0x62/0x1b0 net/sched/act_api.c:119
 __tcf_action_put+0xfa/0x130 net/sched/act_api.c:135
 __tcf_idr_release net/sched/act_api.c:165 [inline]
 __tcf_idr_release+0x59/0xf0 net/sched/act_api.c:145
 tcf_idr_release include/net/act_api.h:171 [inline]
 tcf_ife_init+0x97c/0x1870 net/sched/act_ife.c:616
 tcf_action_init_1+0x6b6/0xa40 net/sched/act_api.c:944
 tcf_action_init+0x21a/0x330 net/sched/act_api.c:1000
 tcf_action_add+0xf5/0x3b0 net/sched/act_api.c:1410
 tc_ctl_action+0x390/0x488 net/sched/act_api.c:1465
 rtnetlink_rcv_msg+0x45e/0xaf0 net/core/rtnetlink.c:5424
 netlink_rcv_skb+0x177/0x450 net/netlink/af_netlink.c:2477
 rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5442
 netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
 netlink_unicast+0x58c/0x7d0 net/netlink/af_netlink.c:1328
 netlink_sendmsg+0x91c/0xea0 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:639 [inline]
 sock_sendmsg+0xd7/0x130 net/socket.c:659
 ____sys_sendmsg+0x753/0x880 net/socket.c:2330
 ___sys_sendmsg+0x100/0x170 net/socket.c:2384
 __sys_sendmsg+0x105/0x1d0 net/socket.c:2417
 __do_sys_sendmsg net/socket.c:2426 [inline]
 __se_sys_sendmsg net/socket.c:2424 [inline]
 __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2424
 do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Fixes: 11a94d7fd8 ("net/sched: act_ife: validate the control action inside init()")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: Davide Caratti <dcaratti@redhat.com>
Reviewed-by: Davide Caratti <dcaratti@redhat.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-17 10:58:15 +01:00
David S. Miller
a72b6a1ee4 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:

====================
Netfilter updates for net

The following patchset contains Netfilter fixes for net:

1) Fix use-after-free in ipset bitmap destroy path, from Cong Wang.

2) Missing init netns in entry cleanup path of arp_tables,
   from Florian Westphal.

3) Fix WARN_ON in set destroy path due to missing cleanup on
   transaction error.

4) Incorrect netlink sanity check in tunnel, from Florian Westphal.

5) Missing sanity check for erspan version netlink attribute, also
   from Florian.

6) Remove WARN in nft_request_module() that can be triggered from
   userspace, from Florian Westphal.

7) Memleak in NFTA_HOOK_DEVS netlink parser, from Dan Carpenter.

8) List poison from commit path for flowtables that are added and
   deleted in the same batch, from Florian Westphal.

9) Fix NAT ICMP packet corruption, from Eyal Birger.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-17 10:36:07 +01:00
Waiman Long
39e7234f00 locking/rwsem: Fix kernel crash when spinning on RWSEM_OWNER_UNKNOWN
The commit 91d2a812df ("locking/rwsem: Make handoff writer
optimistically spin on owner") will allow a recently woken up waiting
writer to spin on the owner. Unfortunately, if the owner happens to be
RWSEM_OWNER_UNKNOWN, the code will incorrectly spin on it leading to a
kernel crash. This is fixed by passing the proper non-spinnable bits
to rwsem_spin_on_owner() so that RWSEM_OWNER_UNKNOWN will be treated
as a non-spinnable target.

Fixes: 91d2a812df ("locking/rwsem: Make handoff writer optimistically spin on owner")

Reported-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: Christoph Hellwig <hch@lst.de>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20200115154336.8679-1-longman@redhat.com
2020-01-17 10:19:27 +01:00
Linus Walleij
319d5cce72 intel-pinctrl for v5.5-3
* Fix Interrupt Status register offset for Intel Sunrisepoint PCH-H.
 
 The following is an automated git shortlog grouped by driver:
 
 sunrisepoint:
  -  Add missing Interrupt Status register offset
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEqaflIX74DDDzMJJtb7wzTHR8rCgFAl4XC7AACgkQb7wzTHR8
 rChhnA//e/BHEYPHwQpbZfl90sdDFDX6VhMko1ApjZveFCFYbgonwVSghRCAj0vx
 h0diyT/doswJZ+sHRY0eTFeuOLMigB4ZX1rV0ON7jKGVQFtHk0UNYdm0LqLqxbHW
 H6RvJ0tdFsoweTtAwMeuI6uIWG0KV9+zyNMEtfHwVT7M36eFx2pfhGq71J7Caz9+
 Iem6sDYjAkdo1UWVNV4bdn6RzUKuj1GTJNZHVbgp91Y6ApF8Y+DSk2BfjvUU4wqn
 4E5M1MVR1M4GX7ak+7hkN7QX/stR+G5DzuK5+QDPyOQOypd2vBkRQxTAG7wLEp6W
 UR2VT0696DB8yyYuT/C36RctzW6jdyTb9GxYeCIlNM2z/zHPwaxmDwgtLcrr2E01
 oKbmHD5KFnoYJ9RJC6QJxnhpXs1zcZRd3V5YnbMM8Jx5bDrP8vwKnOXokIEHrkxO
 JEn5aoNkmpvefB2+LxNJ+zodi+FTDKZNmQY9uCCtf1OtqeOPze8b6m+hAYmkzGnV
 8RSVYE+leBCRUYSp13uVTq3FFS8uclhxveCvyUwolhDsEjfUOTIEwH7V7xOn/x+y
 5DCBUyf3dipDIDVCnwiwB9J4Y7YI46yTLpHBT3E57KuqZ1NOYS5RYsX6Ks8IpbJL
 iP9qHgEMIJlqzh4E2mTFQ/ZZlG5ko1uLK81n/oaEzBudnzslp9U=
 =7pOQ
 -----END PGP SIGNATURE-----

Merge tag 'intel-pinctrl-v5.5-3' of git://git.kernel.org/pub/scm/linux/kernel/git/pinctrl/intel into fixes

intel-pinctrl for v5.5-3

* Fix Interrupt Status register offset for Intel Sunrisepoint PCH-H.

The following is an automated git shortlog grouped by driver:

sunrisepoint:
 -  Add missing Interrupt Status register offset
2020-01-17 09:07:26 +01:00
Jens Axboe
44d282796f io_uring: only allow submit from owning task
If the credentials or the mm doesn't match, don't allow the task to
submit anything on behalf of this ring. The task that owns the ring can
pass the file descriptor to another task, but we don't want to allow
that task to submit an SQE that then assumes the ring mm and creds if
it needs to go async.

Cc: stable@vger.kernel.org
Suggested-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2020-01-16 21:43:24 -07:00
Johan Hovold
ba9a103f40 Input: keyspan-remote - fix control-message timeouts
The driver was issuing synchronous uninterruptible control requests
without using a timeout. This could lead to the driver hanging on probe
due to a malfunctioning (or malicious) device until the device is
physically disconnected. While sleeping in probe the driver prevents
other devices connected to the same hub from being added to (or removed
from) the bus.

The USB upper limit of five seconds per request should be more than
enough.

Fixes: 99f83c9c9a ("[PATCH] USB: add driver for Keyspan Digital Remote")
Signed-off-by: Johan Hovold <johan@kernel.org>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: stable <stable@vger.kernel.org>     # 2.6.13
Link: https://lore.kernel.org/r/20200113171715.30621-1-johan@kernel.org
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
2020-01-16 20:26:45 -08:00
Bartosz Golaszewski
ce535a2efb Input: max77650-onkey - add of_match table
We need the of_match table if we want to use the compatible string in
the pmic's child node and get the onkey driver loaded automatically.

Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
2020-01-16 20:23:24 -08:00
Hans Verkuil
c15f8ba6dc Input: rmi_f54 - read from FIFO in 32 byte blocks
The F54 Report Data is apparently read through a fifo and for
the smbus protocol that means that between reading a block of 32
bytes the rmiaddr shouldn't be incremented. However, changing
that causes other non-fifo reads to fail and so that change was
reverted.

This patch changes just the F54 function and it now reads 32 bytes
at a time from the fifo, using the F54_FIFO_OFFSET to update the
start address that is used when reading from the fifo.

This has only been tested with smbus, not with i2c or spi. But I
suspect that the same is needed there since I think similar
problems will occur there when reading more than 256 bytes.

Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Tested-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Reported-by: Timo Kaufmann <timokau@zoho.com>
Link: https://lore.kernel.org/r/20200115124819.3191024-3-hverkuil-cisco@xs4all.nl
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
2020-01-16 20:22:56 -08:00
Hans Verkuil
8ff771f8c8 Revert "Input: synaptics-rmi4 - don't increment rmiaddr for SMBus transfers"
This reverts commit a284e11c37.

This causes problems (drifting cursor) with at least the F11 function that
reads more than 32 bytes.

The real issue is in the F54 driver, and so this should be fixed there, and
not in rmi_smbus.c.

So first revert this bad commit, then fix the real problem in F54 in another
patch.

Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Reported-by: Timo Kaufmann <timokau@zoho.com>
Fixes: a284e11c37 ("Input: synaptics-rmi4 - don't increment rmiaddr for SMBus transfers")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20200115124819.3191024-2-hverkuil-cisco@xs4all.nl
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
2020-01-16 20:22:55 -08:00
Linus Torvalds
575966e080 ARM: SoC fixes
I've been sitting on these longer than I meant, so the patch count is
 a bit higher than ideal for this part of the release. There's also some
 reverts of double-applied patches that brings the diffstat up a bit.
 
 With that said, the biggest changes are:
 
  - Revert of duplicate i2c device addition on two Aspeed (BMC) Devicetrees.
  - Move of two device nodes that got applied to the wrong part of the
    tree on ASpeed G6.
  - Regulator fix for Beaglebone X15 (adding 12/5V supplies)
  - Use interrupts for keys on Amlogic SM1 to avoid missed polls
 
 In addition to that, there is a collection of smaller DT fixes:
 
  - Power supply assignment fixes for i.MX6
  - Fix of interrupt line for magnetometer on i.MX8 Librem5 devkit
  - Build fixlets (selects) for davinci/omap2+
  - More interrupt number fixes for Stratix10, Amlogic SM1, etc.
  - ... and more similar fixes across different platforms
 
 And some non-DT stuff:
 
  - optee fix to register multiple shared pages properly
  - Clock calculation fixes for MMP3
  - Clock fixes for OMAP as well
 -----BEGIN PGP SIGNATURE-----
 
 iQJDBAABCAAtFiEElf+HevZ4QCAJmMQ+jBrnPN6EHHcFAl4hIooPHG9sb2ZAbGl4
 b20ubmV0AAoJEIwa5zzehBx3vckP/jT/yrodXuK3OLtBnDQI4Em5b14uJQxEAsh+
 fTaz1H3n82PaWJVaEXpRTYMa4WZnmMPazoAoDhuqWnz/VbzfXmufFIIXsQ0rJqbf
 Ht1LWvx7hd5q49aq2x1o9Nuo5OKMbW8igQqsx7PqjSOQRaAZTkxZhOI1C9pKnnnD
 oJU8nw19N8yCQILxXMmpBX2vczWyJ3tgH6v8rhB89riBXouqwcKbTRyI0ciFdO91
 mPlfF9qwqZ99bb+7WqalrtOr+/0VgvhB3oCNzoWYPptipiaLGdH4ZXVEhyCUDmrY
 WN1kZsBtK+jtDLcMdRqg+EmbijxcxA0DSLDCow1QwuMPNHxVN5du1JN7b4uTvCPX
 sHbrDO/YdiSWx20VZID/x/sWqcQyBrDqZkA3NWhoClm75JGQUHP16pZUURCN/awy
 IGApkQ5164Ac+2DFHgh3S7qKXWk7O+hY6iksyRPPZkj31d4mCimdVaHDV/c3aeI/
 EnUI6nj6H3ghYTX2gl3yhT8d4yCM+2uSawdIFWGNvB85vs1koAUEuczc6Me8JdZV
 4HWexVs8W0Jo1w3Ndq3Hxw0RTKccC34x1f4dnzSSSEF7t4GMveTdecd/D77aiT2x
 eVNox3PIAfjR96et2vQ1C+hVRyEqn/hDapvR5OI/78F2ampee8m8tWQDYIlH/RbZ
 pdBTN5CS
 =MMJu
 -----END PGP SIGNATURE-----

Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc

Pull ARM SoC fixes from Olof Johansson:
 "I've been sitting on these longer than I meant, so the patch count is
  a bit higher than ideal for this part of the release. There's also
  some reverts of double-applied patches that brings the diffstat up a
  bit.

  With that said, the biggest changes are:

   - Revert of duplicate i2c device addition on two Aspeed (BMC)
     Devicetrees.

   - Move of two device nodes that got applied to the wrong part of the
     tree on ASpeed G6.

   - Regulator fix for Beaglebone X15 (adding 12/5V supplies)

   - Use interrupts for keys on Amlogic SM1 to avoid missed polls

  In addition to that, there is a collection of smaller DT fixes:

   - Power supply assignment fixes for i.MX6

   - Fix of interrupt line for magnetometer on i.MX8 Librem5 devkit

   - Build fixlets (selects) for davinci/omap2+

   - More interrupt number fixes for Stratix10, Amlogic SM1, etc.

   - ... and more similar fixes across different platforms

  And some non-DT stuff:

   - optee fix to register multiple shared pages properly

   - Clock calculation fixes for MMP3

   - Clock fixes for OMAP as well"

* tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (42 commits)
  MAINTAINERS: Add myself as the co-maintainer for Actions Semi platforms
  ARM: dts: imx7: Fix Toradex Colibri iMX7S 256MB NAND flash support
  ARM: dts: imx6sll-evk: Remove incorrect power supply assignment
  ARM: dts: imx6sl-evk: Remove incorrect power supply assignment
  ARM: dts: imx6sx-sdb: Remove incorrect power supply assignment
  ARM: dts: imx6qdl-sabresd: Remove incorrect power supply assignment
  ARM: dts: imx6q-icore-mipi: Use 1.5 version of i.Core MX6DL
  ARM: omap2plus: select RESET_CONTROLLER
  ARM: davinci: select CONFIG_RESET_CONTROLLER
  ARM: dts: aspeed: rainier: Fix fan fault and presence
  ARM: dts: aspeed: rainier: Remove duplicate i2c busses
  ARM: dts: aspeed: tacoma: Remove duplicate flash nodes
  ARM: dts: aspeed: tacoma: Remove duplicate i2c busses
  ARM: dts: aspeed: tacoma: Fix fsi master node
  ARM: dts: aspeed-g6: Fix FSI master location
  ARM: dts: mmp3: Fix the TWSI ranges
  clk: mmp2: Fix the order of timer mux parents
  ARM: mmp: do not divide the clock rate
  arm64: dts: rockchip: Fix IR on Beelink A1
  optee: Fix multi page dynamic shm pool alloc
  ...
2020-01-16 19:42:08 -08:00
Linus Torvalds
ef64753c19 Second collection of clk fixes for the next release. This one includes a
fix for PM on TI SoCs with sysc devices and fixes a bunch of clks that
 are stuck always enabled on Qualcomm SDM845 SoCs. Allwinner SoCs get the
 usual set of fixes too, mostly correcting drivers to have the right bits
 that match the hardware. There's also a Samsung and Tegra fix in here
 to mark a clk critical and avoid a double free. And finally there's a
 fix for critical clks that silences a big warning splat about trying
 to enable a clk that couldn't even be prepared.
 -----BEGIN PGP SIGNATURE-----
 
 iQJFBAABCAAvFiEE9L57QeeUxqYDyoaDrQKIl8bklSUFAl4hFa8RHHNib3lkQGtl
 cm5lbC5vcmcACgkQrQKIl8bklSXvmBAAgNbbQwWVU53Ymt6DLTb3NjxDQUwZvYSx
 oaSO4sayDQm2yvPKZ97R+j3jkV2eaaEHmG3LrbOrJovJrmK47sF6dRzEmGA2lSLs
 o1kGu9ExENzmB0NVlfe0SPBIy2Qt7dU/owC/B7I1zgNHilfJ6B3kygU1v7SV3Tkn
 o1BgM4uz/IwoFjXf4eET1KSoTXnrauFdEyZxQavyq1TljSgx4hdteqlz3G3EdDiY
 ZANuxMoZg2rgYoQq3mpTnmo3mrmu/CZ5OaOy0+013YKpMjcHjJsW5/gc3uuV9ykl
 gSLUECFXzcAuM2sbN6e0wQB3NCi6IB6eB21QRRP+WdS261zvBef9o+ZxBSAtQ3uG
 nUdwWvtAt7jV91kqieTSTKuk4Mqy7hNxpcwuCnk5xDQ91e34yKAhRIGUtHd33ONd
 1o9/gI6QOeFl85Ip0a8iWmSCB/+fkwhq1+NeqQvKpOeXwWsrOYogqsg1D3InM532
 d2LgOwZjwN/zKMTlq6nYt89w0QFMV1BVc3OP03qeBT26YpOzIqPaqskKYWUOwjoc
 Ys82djE2+HyoGkxxIzg2LnATaEjgUEN3tTKEazOsvrpj5pMPnCFOIRD31qn6gJL6
 JBiWi7cK8HK1ofKEGgQt2TW0AdDz7e1JVfXBDCR7vXijES0aeGOK8ZUJOMJdq7MI
 h0tfGFOz9YM=
 =KM9j
 -----END PGP SIGNATURE-----

Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux

Pull clk fixes from Stephen Boyd:
 "Second collection of clk fixes for the next release.

  This one includes a fix for PM on TI SoCs with sysc devices and fixes
  a bunch of clks that are stuck always enabled on Qualcomm SDM845 SoCs.

  Allwinner SoCs get the usual set of fixes too, mostly correcting
  drivers to have the right bits that match the hardware.

  There's also a Samsung and Tegra fix in here to mark a clk critical
  and avoid a double free.

  And finally there's a fix for critical clks that silences a big
  warning splat about trying to enable a clk that couldn't even be
  prepared"

* tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
  clk: ti: dra7-atl: Remove pm_runtime_irq_safe()
  clk: qcom: gcc-sdm845: Add missing flag to votable GDSCs
  clk: sunxi-ng: h6-r: Fix AR100/R_APB2 parent order
  clk: sunxi-ng: h6-r: Simplify R_APB1 clock definition
  clk: sunxi-ng: sun8i-r: Fix divider on APB0 clock
  clk: Don't try to enable critical clocks if prepare failed
  clk: tegra: Fix double-free in tegra_clk_init()
  clk: samsung: exynos5420: Keep top G3D clocks enabled
  clk: sunxi-ng: r40: Allow setting parent rate for external clock outputs
  clk: sunxi-ng: v3s: Fix incorrect number of hw_clks.
2020-01-16 19:25:11 -08:00
Linus Torvalds
f4353c3e2a Power management fix for 5.5-rc7
Fix a coding mistake in the teo cpuidle governor causing data
 to be written beyond the last array element (Ikjoon Jang).
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEE4fcc61cGeeHD/fCwgsRv/nhiVHEFAl4g7jcSHHJqd0Byand5
 c29ja2kubmV0AAoJEILEb/54YlRxYyEQAJqkb9qUJg1rDqPPDrEpKp/C46EdlQ2u
 zvop0SlJoViccuccerltMEtpFnaF8atugNk5Up0R7jrWdyoI6/Q1UKht5+q4B5jV
 pSJ0PzblFCeJIQZl1ekljv/0kMeMA/i2/2SE2oL5lQ/BcyHE6ObFnWqFepKIuO2H
 LYJIbkR5VcVTux27eiClrcPNR5GumrXRTOW8AYpMN3A/qsIsX6KB2Ans9ioneN8a
 zh6UYSbPKuf942unDfjbs/a5UgOVOMcmWk0VgmdMwhKK5zR7VrpqnGUjNKzDXiqk
 Ag1RYhw8snfaXxYdKuqGMqu/kKr0lL3k59rvM7qfnO4uBnFaaBYDIDFwOX0mSvnH
 8Eti6f/0zet5TDxFbYuSY/iMfc2Ehsy6SflGxfhx6aHtmbkynTMu0uEA+8ehd9OJ
 z4WcEoxm6aB9XsC7uOgn17bM/jA4A2KPzrbwD0yew0RXY7V7Xma4zJ6cJELvwnpX
 NXclQbBH/pjLmdq7T/T4fsYBXU1uEpF40bc5w+FB2WENXi5dA82hV9gCgGbgPbGh
 qYXfDvVXBFMrhzhrsmVHydCvFv8oyLCbJs15MdjQXfn1CNLO0F66u9OUJdsTaPMo
 g1MuJ37W3im5Y7yQzYMEbpzJit0TxgjajDxiNxwxdkLZJScfQfWie6FW2mgpoBLB
 1fiaaUQBLvrv
 =kBj8
 -----END PGP SIGNATURE-----

Merge tag 'pm-5.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull power management fix from Rafael Wysocki:
 "Fix a coding mistake in the teo cpuidle governor causing data to be
  written beyond the last array element (Ikjoon Jang)"

* tag 'pm-5.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  cpuidle: teo: Fix intervals[] array indexing bug
2020-01-16 15:55:30 -08:00
Manivannan Sadhasivam
70db729fe1 MAINTAINERS: Add myself as the co-maintainer for Actions Semi platforms
Since I've been doing the maintainership work for couple of cycles, we've
decided to add myself as the co-maintainer along with Andreas.

Link: https://lore.kernel.org/r/20200114084348.25659-2-manivannan.sadhasivam@linaro.org
Cc: "Andreas Färber" <afaerber@suse.de>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Acked-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Olof Johansson <olof@lixom.net>
2020-01-16 15:49:19 -08:00
Alexander Potapenko
18451f9f9e PM: hibernate: fix crashes with init_on_free=1
Upon resuming from hibernation, free pages may contain stale data from
the kernel that initiated the resume. This breaks the invariant
inflicted by init_on_free=1 that freed pages must be zeroed.

To deal with this problem, make clear_free_pages() also clear the free
pages when init_on_free is enabled.

Fixes: 6471384af2 ("mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options")
Reported-by: Johannes Stezenbach <js@sig21.net>
Signed-off-by: Alexander Potapenko <glider@google.com>
Cc: 5.3+ <stable@vger.kernel.org> # 5.3+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2020-01-16 23:51:45 +01:00
Tom Lendacky
a006483b2f x86/CPU/AMD: Ensure clearing of SME/SEV features is maintained
If the SME and SEV features are present via CPUID, but memory encryption
support is not enabled (MSR 0xC001_0010[23]), the feature flags are cleared
using clear_cpu_cap(). However, if get_cpu_cap() is later called, these
feature flags will be reset back to present, which is not desired.

Change from using clear_cpu_cap() to setup_clear_cpu_cap() so that the
clearing of the flags is maintained.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: <stable@vger.kernel.org> # 4.16.x-
Link: https://lkml.kernel.org/r/226de90a703c3c0be5a49565047905ac4e94e8f3.1579125915.git.thomas.lendacky@amd.com
2020-01-16 20:23:20 +01:00
Linus Torvalds
0c99ee44b8 platform/chrome fixes for v5.5-rc7.
One fix in the wilco_ec keyboard backlight driver
 to allow the EC driver to continue loading in the absence
 of a backlight module.
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYKAB0WIQQCtZK6p/AktxXfkOlzbaomhzOwwgUCXiCicQAKCRBzbaomhzOw
 ws7lAP9JZTQi2nqmYOfink9JAEQbNSMO1tdrvQiZpYPXZ/j4LgD/c1hg2ae9MMGX
 at2A9ffaLAXEKEJ16U7A3vUlDOO9bQY=
 =2Otp
 -----END PGP SIGNATURE-----

Merge tag 'tag-chrome-platform-fixes-for-v5.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux

Pull chrome platform fix from Benson Leung:
 "One fix in the wilco_ec keyboard backlight driver to allow the EC
  driver to continue loading in the absence of a backlight module"

* tag 'tag-chrome-platform-fixes-for-v5.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux:
  platform/chrome: wilco_ec: Fix keyboard backlight probing
2020-01-16 10:26:40 -08:00
Reinhard Speyerer
f3eaabbfd0 USB: serial: option: add support for Quectel RM500Q in QDL mode
Add support for Quectel RM500Q in QDL mode.

T:  Bus=02 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 24 Spd=480  MxCh= 0
D:  Ver= 2.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs=  1
P:  Vendor=2c7c ProdID=0800 Rev= 0.00
S:  Manufacturer=Qualcomm CDMA Technologies MSM
S:  Product=QUSB_BULK_SN:xxxxxxxx
S:  SerialNumber=xxxxxxxx
C:* #Ifs= 1 Cfg#= 1 Atr=a0 MxPwr=  2mA
I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=10 Driver=option
E:  Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E:  Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms

It is assumed that the ZLP flag required for other Qualcomm-based
5G devices also applies to Quectel RM500Q.

Signed-off-by: Reinhard Speyerer <rspmn@arcor.de>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
2020-01-16 16:54:34 +01:00
Jeff Mahoney
394440d469 reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr
Commit 60e4cf67a5 (reiserfs: fix extended attributes on the root
directory) introduced a regression open_xa_root started returning
-EOPNOTSUPP but it was not handled properly in reiserfs_for_each_xattr.

When the reiserfs module is built without CONFIG_REISERFS_FS_XATTR,
deleting an inode would result in a warning and chowning an inode
would also result in a warning and then fail to complete.

With CONFIG_REISERFS_FS_XATTR enabled, the xattr root would always be
present for read-write operations.

This commit handles -EOPNOSUPP in the same way -ENODATA is handled.

Fixes: 60e4cf67a5 ("reiserfs: fix extended attributes on the root directory")
CC: stable@vger.kernel.org	# Commit 60e4cf67a5 was picked up by stable
Link: https://lore.kernel.org/r/20200115180059.6935-1-jeffm@suse.com
Reported-by: Michael Brunnbauer <brunni@netestate.de>
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: Jan Kara <jack@suse.cz>
2020-01-16 16:49:29 +01:00
Michał Mirosław
f571389c0b mmc: tegra: fix SDR50 tuning override
Commit 7ad2ed1dfc inadvertently mixed up a quirk flag's name and
broke SDR50 tuning override. Use correct NVQUIRK_ name.

Fixes: 7ad2ed1dfc ("mmc: tegra: enable UHS-I modes")
Cc: <stable@vger.kernel.org>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Reviewed-by: Thierry Reding <treding@nvidia.com>
Tested-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>
Link: https://lore.kernel.org/r/9aff1d859935e59edd81e4939e40d6c55e0b55f6.1578390388.git.mirq-linux@rere.qmqm.pl
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
2020-01-16 15:17:36 +01:00
Eyal Birger
61177e911d netfilter: nat: fix ICMP header corruption on ICMP errors
Commit 8303b7e8f0 ("netfilter: nat: fix spurious connection timeouts")
made nf_nat_icmp_reply_translation() use icmp_manip_pkt() as the l4
manipulation function for the outer packet on ICMP errors.

However, icmp_manip_pkt() assumes the packet has an 'id' field which
is not correct for all types of ICMP messages.

This is not correct for ICMP error packets, and leads to bogus bytes
being written the ICMP header, which can be wrongfully regarded as
'length' bytes by RFC 4884 compliant receivers.

Fix by assigning the 'id' field only for ICMP messages that have this
semantic.

Reported-by: Shmulik Ladkani <shmulik.ladkani@gmail.com>
Fixes: 8303b7e8f0 ("netfilter: nat: fix spurious connection timeouts")
Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2020-01-16 15:08:25 +01:00
Madhuparna Bhowmik
93ad0f969f net: wan: lapbether.c: Use built-in RCU list checking
The only callers of the function lapbeth_get_x25_dev()
are lapbeth_rcv() and lapbeth_device_event().

lapbeth_rcv() uses rcu_read_lock() whereas lapbeth_device_event()
is called with RTNL held (As mentioned in the comments).

Therefore, pass lockdep_rtnl_is_held() as cond argument in
list_for_each_entry_rcu();

Signed-off-by: Madhuparna Bhowmik <madhuparnabhowmik04@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-16 14:30:52 +01:00
Florian Westphal
335178d542 netfilter: nf_tables: fix flowtable list del corruption
syzbot reported following crash:

  list_del corruption, ffff88808c9bb000->prev is LIST_POISON2 (dead000000000122)
  [..]
  Call Trace:
   __list_del_entry include/linux/list.h:131 [inline]
   list_del_rcu include/linux/rculist.h:148 [inline]
   nf_tables_commit+0x1068/0x3b30 net/netfilter/nf_tables_api.c:7183
   [..]

The commit transaction list has:

NFT_MSG_NEWTABLE
NFT_MSG_NEWFLOWTABLE
NFT_MSG_DELFLOWTABLE
NFT_MSG_DELTABLE

A missing generation check during DELTABLE processing causes it to queue
the DELFLOWTABLE operation a second time, so we corrupt the list here:

  case NFT_MSG_DELFLOWTABLE:
     list_del_rcu(&nft_trans_flowtable(trans)->list);
     nf_tables_flowtable_notify(&trans->ctx,

because we have two different DELFLOWTABLE transactions for the same
flowtable.  We then call list_del_rcu() twice for the same flowtable->list.

The object handling seems to suffer from the same bug so add a generation
check too and only queue delete transactions for flowtables/objects that
are still active in the next generation.

Reported-by: syzbot+37a6804945a3a13b1572@syzkaller.appspotmail.com
Fixes: 3b49e2e94e ("netfilter: nf_tables: add flow table netlink frontend")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2020-01-16 14:22:33 +01:00
Dan Carpenter
cd77e75b5e netfilter: nf_tables: fix memory leak in nf_tables_parse_netdev_hooks()
Syzbot detected a leak in nf_tables_parse_netdev_hooks().  If the hook
already exists, then the error handling doesn't free the newest "hook".

Reported-by: syzbot+f9d4095107fc8749c69c@syzkaller.appspotmail.com
Fixes: b75a3e8371 ("netfilter: nf_tables: allow netdevice to be used only once per flowtable")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2020-01-16 14:22:32 +01:00
Florian Westphal
9332d27d79 netfilter: nf_tables: remove WARN and add NLA_STRING upper limits
This WARN can trigger because some of the names fed to the module
autoload function can be of arbitrary length.

Remove the WARN and add limits for all NLA_STRING attributes.

Reported-by: syzbot+0e63ae76d117ae1c3a01@syzkaller.appspotmail.com
Fixes: 452238e8d5 ("netfilter: nf_tables: add and use helper for module autoload")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2020-01-16 14:22:32 +01:00
Florian Westphal
9ec22d7c6c netfilter: nft_tunnel: ERSPAN_VERSION must not be null
Fixes: af308b94a2 ("netfilter: nf_tables: add tunnel support")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2020-01-16 14:22:32 +01:00
Florian Westphal
1c702bf902 netfilter: nft_tunnel: fix null-attribute check
else we get null deref when one of the attributes is missing, both
must be non-null.

Reported-by: syzbot+76d0b80493ac881ff77b@syzkaller.appspotmail.com
Fixes: aaecfdb5c5 ("netfilter: nf_tables: match on tunnel metadata")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2020-01-16 14:22:32 +01:00
Pablo Neira Ayuso
ec7470b834 netfilter: nf_tables: store transaction list locally while requesting module
This patch fixes a WARN_ON in nft_set_destroy() due to missing
set reference count drop from the preparation phase. This is triggered
by the module autoload path. Do not exercise the abort path from
nft_request_module() while preparation phase cleaning up is still
pending.

 WARNING: CPU: 3 PID: 3456 at net/netfilter/nf_tables_api.c:3740 nft_set_destroy+0x45/0x50 [nf_tables]
 [...]
 CPU: 3 PID: 3456 Comm: nft Not tainted 5.4.6-arch3-1 #1
 RIP: 0010:nft_set_destroy+0x45/0x50 [nf_tables]
 Code: e8 30 eb 83 c6 48 8b 85 80 00 00 00 48 8b b8 90 00 00 00 e8 dd 6b d7 c5 48 8b 7d 30 e8 24 dd eb c5 48 89 ef 5d e9 6b c6 e5 c5 <0f> 0b c3 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 8b 7f 10 e9 52
 RSP: 0018:ffffac4f43e53700 EFLAGS: 00010202
 RAX: 0000000000000001 RBX: ffff99d63a154d80 RCX: 0000000001f88e03
 RDX: 0000000001f88c03 RSI: ffff99d6560ef0c0 RDI: ffff99d63a101200
 RBP: ffff99d617721de0 R08: 0000000000000000 R09: 0000000000000318
 R10: 00000000f0000000 R11: 0000000000000001 R12: ffffffff880fabf0
 R13: dead000000000122 R14: dead000000000100 R15: ffff99d63a154d80
 FS:  00007ff3dbd5b740(0000) GS:ffff99d6560c0000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 00001cb5de6a9000 CR3: 000000016eb6a004 CR4: 00000000001606e0
 Call Trace:
  __nf_tables_abort+0x3e3/0x6d0 [nf_tables]
  nft_request_module+0x6f/0x110 [nf_tables]
  nft_expr_type_request_module+0x28/0x50 [nf_tables]
  nf_tables_expr_parse+0x198/0x1f0 [nf_tables]
  nft_expr_init+0x3b/0xf0 [nf_tables]
  nft_dynset_init+0x1e2/0x410 [nf_tables]
  nf_tables_newrule+0x30a/0x930 [nf_tables]
  nfnetlink_rcv_batch+0x2a0/0x640 [nfnetlink]
  nfnetlink_rcv+0x125/0x171 [nfnetlink]
  netlink_unicast+0x179/0x210
  netlink_sendmsg+0x208/0x3d0
  sock_sendmsg+0x5e/0x60
  ____sys_sendmsg+0x21b/0x290

Update comment on the code to describe the new behaviour.

Reported-by: Marco Oliverio <marco.oliverio@tanaza.com>
Fixes: 452238e8d5 ("netfilter: nf_tables: add and use helper for module autoload")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2020-01-16 14:21:51 +01:00
Takashi Iwai
e5dbdcb312 ASoC: Fixes for v5.5
This is mostly driver specific fixes, plus an error handling fix
 in the core.  There is a rather large diffstat for the stm32 SAI
 driver, this is a very large but mostly mechanical update which
 wraps every register access in the driver to allow a fix to the
 locking which avoids circular locks, the active change is much
 smaller and more reasonably sized.
 -----BEGIN PGP SIGNATURE-----
 
 iQFHBAABCgAxFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAl4gVcMTHGJyb29uaWVA
 a2VybmVsLm9yZwAKCRAk1otyXVSH0IMOB/wJszUsDT3K46IvCg0qKJhsW+vsFsuo
 bjk03Fsbi/v6ukcrIbRxBl50saqut8MFibSgrMTlDCkCOvQbz3C+S2N96N9SKWSX
 gfEYd6PzdxVkZCx8xqybB82WGXjNBzoJue7lIYe2ytCIwjasPZtBjfNW9E+6KNkC
 zOGoRLGSDepZRovDQM8JbALhKHw4z5a19fDOGiESuDfp3kjsTKAe8R+UXRvcsIDc
 mqBblGMcKOZtRw87MDlDK2iKLPJEKAS3ndr6/a8+iX02hJMb3Yu6NbMmU4/0kHfC
 3xc7xoyTZW8GVnhsLchJhOBaz+TFizTqBJTCr1tjkEjPB504SZm+/Wtx
 =/nsR
 -----END PGP SIGNATURE-----

Merge tag 'asoc-fix-v5.5-rc6' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus

ASoC: Fixes for v5.5

This is mostly driver specific fixes, plus an error handling fix
in the core.  There is a rather large diffstat for the stm32 SAI
driver, this is a very large but mostly mechanical update which
wraps every register access in the driver to allow a fix to the
locking which avoids circular locks, the active change is much
smaller and more reasonably sized.
2020-01-16 14:14:26 +01:00